A new ransomware called “Clop” has emerged recently.
There’s no proven link between Clop and any other known ransomware families,
although the ransom note it drops is similar to those of a few of them. The
cybercriminals encourage the victims to contact them as soon as possible using
the two email addresses (servicedigilogos@protonmail.com and
managersmaers@tutanota.com) mentioned in the ransom note, as they claim to
provide discounts of up to 50%; otherwise, the price could go up. They claim
that after a few days they delete the uploaded encryption keys, making recovery
impossible.

Clop ransomware – test findings

The encryption begins as soon as the payload is launched; in the case of Clop,
the payload is usually bundled in popular file formats used in office
environments. Windows volume shadow copies of the files are also
deleted. The ransomware generates a pair of encryption/decryption keys, which
it later uploads to the command and control server over unencrypted connections.
Theoretically, using network sniffing techniques, these packets could be
captured and used to decrypt the files without paying the ransom. The attacked
files receive the new extension “.clop”.
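
As an added illustration (not TEMASOFT Ranstop's detection logic, and not code from the original post), the sketch below flags a process that renames many files to the “.clop” extension within a short window and returns the list of affected paths for recovery. The pipe-separated event format, the sample events, the window and the threshold are all assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

CLOP_EXT = ".clop"               # extension reported on this page
WINDOW = timedelta(seconds=10)   # assumed tuning value
THRESHOLD = 4                    # assumed renames per window before alerting

# Constructed rename events (hypothetical format): timestamp|pid|process|old_path|new_path
SAMPLE_LOG = r"""
2019-02-20T10:00:00|4312|invoice_viewer.exe|C:\Users\a\q1.xlsx|C:\Users\a\q1.xlsx.clop
2019-02-20T10:00:01|4312|invoice_viewer.exe|C:\Users\a\q2.xlsx|C:\Users\a\q2.xlsx.clop
2019-02-20T10:00:01|880|explorer.exe|C:\Users\a\old.txt|C:\Users\a\new.txt
2019-02-20T10:00:02|4312|invoice_viewer.exe|C:\Users\a\cv.docx|C:\Users\a\cv.docx.clop
2019-02-20T10:00:03|4312|invoice_viewer.exe|C:\Users\a\plan.pptx|C:\Users\a\plan.pptx.clop
2019-02-20T10:05:00|880|explorer.exe|C:\Users\a\notes.txt|C:\Users\a\notes.clop
""".strip().splitlines()


def parse_event(line):
    """Split one constructed log line into typed fields."""
    ts, pid, image, old, new = line.split("|")
    return datetime.fromisoformat(ts), int(pid), image, old, new


def detect_clop_rename_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {pid: (image, alert_time, affected_paths)} for each process that
    renames >= threshold files to .clop inside one window.
    Events are assumed to arrive in time order."""
    recent = defaultdict(deque)   # pid -> deque of (timestamp, new_path)
    alerts = {}
    for ts, pid, image, old, new in map(parse_event, lines):
        # Count only renames that introduce the extension.
        if not new.lower().endswith(CLOP_EXT) or old.lower().endswith(CLOP_EXT):
            continue
        q = recent[pid]
        q.append((ts, new))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        if len(q) >= threshold and pid not in alerts:
            # Record the first alert and the files to restore for this process.
            alerts[pid] = (image, ts, [path for _, path in q])
    return alerts


if __name__ == "__main__":
    for pid, (image, when, paths) in detect_clop_rename_bursts(SAMPLE_LOG).items():
        print(f"ALERT pid={pid} image={image} at {when.isoformat()}: {len(paths)} files")
```

A single rename to “.clop” (the last sample event) stays below the threshold, so an isolated file with that extension does not raise an alert.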

Clop ransomware vs Ranstop – test results

TEMASOFT Ranstop
detects this version of Clop ransomware soon after it starts encrypting files.
Upon detection, alerts are fired off, and the malware process is stopped and
quarantined. The affected files are automatically recovered so that the user
doesn’t lose any important data.

About TEMASOFT Ranstop

TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
